Introducing XSSDB

Sun, 24 Sep 2006 11:18:37 GMT

In a recent post David K suggested that the XSS cheat sheet hosted at ha.ckers.org is not as accessible as it should be.

RSnake, I didn't even know this attack vector was in your cheat sheet and I have been through it loads of times - A table of contents might be cool.

Over the weekend I composed a simple AJAX applications to provide a better way of previewing all attack vectors from RSnake's Cross-site scripting cheat sheet. RSnake has been working on it for quite long time and I really like what he has done so far.

I am planning to extend the attack database with some of my own findings, keeping the original database updated and intact. I am also working on some features that will allow user submissions so the community is able to provide some feedback as well.

Any comments and suggestions will be greatly appreciated. Currently XSSDB works in Firefox only. The application almost works in IE6 and IE7. There seams to be something wrong with Opera.

danieldaniel
Also happily works in Safari/Camino and FF
pdppdp
hi daniel, that's great news. How about the CSS? Is it working correctly? Do you have any suggestions or recommendations? Thanks.
clonclon
exellent job tested in opera 9.02 working nice and your blog is very good Congratulations!
Steve ChristeySteve Christey
kudos to you and Rsnake for a great layout, and for giving names to these attacks. This is the best classification of XSS I've seen so far.
shyaamshyaam
THIS IS AWESOME WORK...
helphelp
All of the cheat sheet content disappeared. Can you fix it?